<?php
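// Comment submission endpoint.
// Reads username/password/logID/code/content from the POST body, checks the
// CAPTCHA code held in the session, authenticates the poster against blog_user
// when the name is registered, inserts the comment into blog_comment and
// refreshes the cached comment counter on blog_article.
require_once("include/global.php");
@session_start();

// A missing or array-valued field is treated as an empty string so the string
// helpers below never receive null or an array.
$rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$rawCode     = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
$rawContent  = (isset($_POST['content']) && is_string($_POST['content'])) ? $_POST['content'] : '';

// NOTE(review): SQL escaping of the posted fields relies entirely on
// my_addslashes(), which is defined outside this file. Confirm it is safe for
// the connection character set; parameterized queries would remove the
// dependency but need a database layer this script does not have.
$username = strip_tags(my_addslashes($rawUsername));
$password = my_addslashes($rawPassword);
$log_ID   = isset($_POST['logID']) ? intval($_POST['logID']) : 0;
$code     = my_addslashes($rawCode);
$content  = htmlspecialchars(my_addslashes($rawContent));
// GetIp() is defined elsewhere; if it reads client-supplied headers its result
// is attacker-controlled, so it is escaped before being placed in SQL.
$ip       = mysql_real_escape_string(GetIp());
$posttime = time();

if(strlen($content) < 6)
{
	die("评论不得少于6个字符");
}

// The CAPTCHA code is single-use: read it, then clear it before comparing.
// An empty or missing session code must never match. With the old loose
// comparison, a request with an empty "code" field passed whenever the session
// held no code (fresh session, or a replay after the code had been cleared).
$expectedCode = isset($_SESSION['code']) ? (string) $_SESSION['code'] : '';
$_SESSION['code'] = '';
if($expectedCode === '' || $expectedCode !== (string) $code)
{
	die("验证码不正确.");
}

if(isset($_SESSION['username']))
{
	// An authenticated session posts under its own identity. Previously the
	// posted name was used as the author without any password check, so a
	// logged-in user could sign comments with any registered name.
	$username = mysql_real_escape_string(strip_tags($_SESSION['username']));
}
else
{
	$sql = "select * from blog_user where user_Name = '$username'";
	$result = mysql_query($sql);
	if($result === false)
	{
		// Fail closed: without the lookup the name cannot be shown to be free.
		error_log("comment post: user lookup failed: ".mysql_error());
		die("Post comment error");
	}
	if(mysql_num_rows($result))
	{
		$rs = mysql_fetch_object($result);
		// NOTE(review): passwords are stored as unsalted MD5. Moving to
		// password_hash()/password_verify() needs a schema and data migration
		// outside this script.
		$passwordMatches = (strcasecmp($rs->user_Password, md5($password)) == 0);
		if(!empty($rs->user_Password) && !$passwordMatches)
		{
			die("Username already exists and password is needed");
		}
		if($passwordMatches)
		{
			// The session gains an identity here, so issue a fresh session ID
			// to keep a pre-set ID from being reused after login.
			session_regenerate_id(true);
			$_SESSION['username'] = $rs->user_Name;
		}
	}
}

$sql = "INSERT INTO blog_comment (comm_ID , comm_LogID , comm_Content , comm_Author ,comm_PostTime , comm_PostIP) VALUES (0, $log_ID, '$content', '$username', '$posttime', '$ip');";

if(!mysql_query($sql))
{
	// Database error text goes to the server log, not to the client.
	error_log("comment post: insert failed: ".mysql_error());
	die("Post comment error");
}

// Recount the comments for the article and store the total on the article row.
$sql = "SELECT count(*) from blog_comment where comm_LogID = $log_ID";
$result = mysql_query($sql);
if($result === false)
{
	error_log("comment post: count failed: ".mysql_error());
	die("Post comment error");
}
$rs = mysql_fetch_array($result);
$commnums = intval($rs[0]);
$sql = "UPDATE blog_article SET log_CommNums = $commnums WHERE log_ID = $log_ID LIMIT 1";
if(!mysql_query($sql))
{
	error_log("comment post: counter update failed: ".mysql_error());
	die("Post comment error");
}

echo "Successful";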
 
?>